Monthly Archives: March 2013

Partnership, Choice and the Hybrid Cloud

by Bogomil Balkansky, Sr Vice President, Cloud Infrastructure Platform

There is much rhetoric these days about “cloud wars”.  Beyond the rhetoric, the hype is there for a reason: the value of hybrid cloud environments is becoming real, and the market opportunity even more real.  We are proud to serve our customers as a leading provider of virtualization software and cloud infrastructure.  And we’re equally proud of what our customers are achieving with VMware as a partner.

As the spirited dialogue continues, I’d like to step back and simply communicate what we hear our customers say matters most, and how we’re extending VMware’s ability to best serve our customers.

But first, some context. There is an emerging class of technology providers—like eBay, Google and Amazon—with large-scale engineering organizations developing customized infrastructure solutions. For these companies, their infrastructure is literally their product…and they invest deeply to create solutions optimized for very specific business needs. However, this level of investment in custom solutions is typically not cost effective for most businesses. The commercially supported solutions that serve these customers make up the bulk of the market. There is a ton of innovation in this market, which VMware is privileged to serve.

Our relationship with eBay and PayPal is a partnership we’re proud of, and a great example of the role VMware plays in both typical customer environments and in a bleeding-edge cloud development initiative.

Nat Rajesh Natarajan, VP of Platform Engineering & Operations at PayPal, says it best: “PayPal is focused on delivering agile platforms that seamlessly scale across multiple cloud environments. Our initiative with OpenStack is intended to enable agility, innovation and choice. We’re not interested in a ‘rip and replace’ approach. In fact, this collaboration will help us utilize robust virtualization technologies such as VMware. They are a valued PayPal partner, and we intend to continue leveraging their core strengths in our cutting edge cloud environment.”

(Yes, PayPal has given us permission to post Nat’s words.  We’d never speak on their behalf…this is their story to tell).

To serve our customers, VMware has made important decisions.  We support heterogeneous cloud environments—this is the reality of most of our customers’ environments, and they need to manage and automate this complexity quickly and efficiently.   This means we engage across a rich ecosystem of vendors and open-source solutions to give our customers the choice and flexibility they need to empower their people and their organizations.  To be clear, customers don’t want their vendors at war, they want them focused on their success.

We’ve also made a commitment to our customers’ future.  This means we have and continue to aggressively innovate, partner and acquire to extend the benefits of virtualization software across the entire data center…compute, network, storage and management. This is our Software-Defined Data Center architecture, and it’s why we’re building it to serve as an infrastructure or as a service, as our customers choose.

Thank you, PayPal, for your trust and partnership.   This type of relationship  with our customers is something we earn every day—through keeping our commitments, deepening our value, and giving them what they want most from VMware — the ability to run any application, anywhere and on any cloud;  the power that comes from efficiency, control and agility; and all of this, without sacrificing choice.

VMware NSX Network Virtualization

by Hatem Naguib, Vice President, Networking & Security
*Co-Authored by Brad Hedlund

Networking is stuck in the past

It wasn’t that long ago when provisioning server resources for an application was manual, time consuming, hardware dependent, error prone, and grossly inefficient. As with many computer science problems, the solution to this inefficiency was automation through software abstraction – enabled by server virtualization. The release of VMware ESX paved the way for enterprises to rapidly deploy any application on any server, non-disruptively, by enabling the fundamental abstraction of servers from hardware – creating the virtual machine. Through server virtualization software, application servers are encapsulated into virtual machines, and programmatically deployed with APIs on top of generalized pools of CPU and memory resources. This was the first important step toward the software defined data center.

Meanwhile, through all of the advances in server virtualization and cloud computing, networking has remained stuck in the past. Still today, provisioning network and security for an application is a manual effort, requiring a human, keyboard, and CLI. Each manual configuration must be carefully engineered across numerous devices, resulting in time-consuming and error-prone deployments. And coupling the network’s capabilities to hardware limits choice, creates choke points, and restricts workload placement – creating an unnecessary drag on the overall efficiency of everything in the infrastructure (servers and storage) attached to the traditional networking paradigms conceived in the 20th century.

It’s time to virtualize Networking

To realize the full potential of the software defined data center, networking and security must move forward into the 21st century with a similar software abstraction layer that transformed computing – network virtualization.  VMware NSX paves the way for enterprises to rapidly deploy networking and security for any application, on any general purpose hardware, non-disruptively, by enabling the fundamental abstraction of networks from networking hardware – creating the virtual network.

Through network virtualization, more simplified logical networking devices and services can be abstracted away from the complexities of physical network engineering, exposed as logical networking objects across a fully distributed virtualization layer, and consumable through northbound APIs.  In this process, the network virtualization layer leaves behind a more simplified physical network layer.  VMware NSX exposes these simplified logical networking devices and services as logical ports, logical switches, logical routers, distributed virtual firewalls, virtual load balancers, and more, with monitoring, QoS, and security; backed by VMware NSX edge virtualization software or partner appliances.

These logical network abstractions are similar in principle to how server virtualization abstracts and exposes simplified elements of virtual CPU, virtual memory, and virtual storage – assembled in any combination to create a virtual machine.  And like server virtualization, any combination of logical network device and security policy can be assembled together into any topology — creating a virtual network — deployed programmatically through APIs.  A complete and feature rich virtual network can be defined at liberty from any constraints in physical switching infrastructure features, topologies or resources.

With network virtualization, each application’s virtual network and security topology is equally mobile and in lock-step with the fluid virtual compute layer, automated with APIs, and decoupled from custom/proprietary hardware.

VMware NSX: a platform for Network Virtualization

VMware NSX will be the world’s leading network and security virtualization platform providing a full-service, programmatic, and mobile virtual network for virtual machines, deployed on top of any general purpose IP network hardware.  The VMware NSX platform brings together the best of Nicira NVP and VMware vCloud Network and Security (vCNS) into one unified platform.  VMware NSX exposes a complete suite of simplified logical networking elements and services including logical switches, routers, firewalls, load balancers, VPN, QoS, monitoring, and security; arranged in any topology with isolation and multi-tenancy through programmable APIs – deployed on top of any physical IP network fabric, resident with any compute hypervisor, connecting to any external network, and consumed by any cloud management platform (e.g. vCloud, OpenStack, CloudStack).

The VMware NSX platform is assembled with five basic components: Controller Cluster, Hypervisor vSwitches, Gateways, Ecosystem partners, and NSX Manager.

Controller Cluster

The VMware NSX controller cluster is the highly available scale-out distributed system of x86 machines responsible for the programmatic deployment of virtual networks across the entire architecture.  The controller cluster accepts API requests from northbound management platforms (e.g. vCloud, OpenStack), calculates the virtual network topology, and proactively programs the hypervisor vswitches and Gateways with the appropriate real-time configuration and forwarding state.  As the computing environment dynamically changes, the controller cluster updates the necessary components to keep the virtual network state in lock-step with the virtual computing state.

The NSX controller cluster provides a logically centralized, yet physically distributed control layer.  Each x86 machine in the cluster shares an equal portion of all the work required, and provides immediate backup capacity for any lost cluster nodes.  Additional nodes can be added to the cluster as needed when the virtual networks under management need to scale.

The NSX controller cluster has visibility to all virtual machines and network services provisioned with NSX.  With this authoritative knowledge, the NSX controller cluster can preemptively program all NSX components with the virtual network topology.  The NSX controller cluster is completely out-of-band, and never handles a data packet.

Hypervisor vSwitch

Each hypervisor has a high performance in-kernel vSwitch with a programmable L2-L4 data plane and configuration database.  The controller cluster programs each hypervisor vSwitch with a real-time configuration and forwarding state, to match the desired virtual network topology to which the virtual machines are attached.  As any given virtual network spans multiple hypervisors, the controller dynamically programs IP encapsulation tunnels (STT and VXLAN) between hypervisors, decoupling the VM address space and virtual networks from the physical network fabric – similar to the encapsulation and decoupling of virtual machines from physical machines.

The combination of API interfaces, intelligent scale-out controller, scale-out in-kernel L2-L4 software data plane, and tunneling, form the basic building block exposing simplified L2-L4 virtual network elements arranged in any arbitrary topology, for any application.

Beyond simple network topology virtualization, VMware NSX enables new and previously unthinkable paradigms in network security virtualization, such as decoupling network security from IP addressing. This is enabled by a high performance, fully distributed, in-kernel stateful firewall attached directly to virtual machines, capable of triggering on a rich set of high level objects and context – far beyond basic TCP/IP header inspection.


Gateways

VMware NSX provides scale-out Gateway services that connect virtual networks within VMware NSX to non-virtual hosts, remote sites, and external networks.  Gateway nodes provide a Gateway service, implementing the same programmable vSwitch as hypervisors, and managed by the controller cluster.

VMware NSX Gateway services provide a secure path into and out of the software defined data center. NSX Gateway nodes can be deployed in active/active HA pairs, and offer IP routing, MPLS, NAT, Firewall, VPN, and Load Balancing services for securing and controlling traffic at the north/south edge of one or more NSX virtual networks.

Some applications within NSX might need to connect to services on non-virtual hosts within the data center, such as IP storage.  For this requirement, NSX offers L2 Gateway services where HA pairs of dedicated L2 Gateway nodes, or partner Top of Rack switches, can bridge between NSX virtual networks and VLANs on a physical network.  L2 Gateway services can also be placed at remote sites, bridging a remote VLAN to an NSX virtual network, for migrating workloads to and from the cloud data center.

The cloud management platform defines any necessary L2 or L3 Gateway services via API requests to the controller cluster, which calculates the topology and programs Gateway nodes with the necessary tunnels (VXLAN, STT) and forwarding state, thereby attaching the NSX virtual networks to the appropriate Gateway service.

Note: VMware NSX provides intelligent replication (over tunnels) for broadcast, multicast, and unknown unicast frames – providing logical switches within NSX a familiar L2 service model over any standard IP routed network, with or without IP multicast.  VMware NSX can also offload IPSec encryption for NSX virtual networks and tunnels that extend to remote sites.

Ecosystem Partners

At the heart of VMware NSX is an extensible platform that enables partners to register their services with the VMware NSX controller, and seamlessly insert the respective capabilities into virtual networks.  The use of open interfaces and open protocols allows an ecosystem of partners to easily integrate with VMware NSX using well known interfaces based on widely used open source software. More on this topic is available in this blog.  Likewise, partners can attach L4-L7 service appliances to VMware NSX to be exposed as services available to virtual networks.

NSX Manager

VMware NSX Manager provides a web-based GUI management dashboard for user friendly human interaction with the VMware NSX controller cluster API, for system setup, administration and troubleshooting.  The system administrator can view logs and connectivity status of all VMware NSX components and virtual network elements (logical switches, logical routers, gateways, etc.).  Powerful troubleshooting tools facilitate an easy mapping between virtual network topologies and the physical underlying IP network.

Like a virtual machine, VMware NSX Manager can take snapshots of the entire state of the virtual network for backup, restores, introspection, and archival.

Bringing it all together

VMware NSX is the unified platform for network and security virtualization, accelerating the capabilities of networking into the 21st century through the very same software-driven abstractions that enabled virtualized computing. In doing so, VMware NSX brings the same desirable properties of server virtualization to networking and security: rapid programmatic provisioning, non-disruptive deployment, support for legacy and new applications simultaneously on any general purpose IP networking hardware, and the decoupling of networking services from rigid hardware into flexible and scalable software.

VMware NSX reproduces the useful properties of a traditional physical network into a more simplified logical network abstraction layer, with high fidelity, delivering flexible network topologies, features, and security for both enterprise applications and web scale cloud computing workloads.

Expected to launch in the second half of 2013, VMware NSX represents the full potential of network virtualization by working across VMware and non-VMware hypervisors and cloud management systems, as well as any underlying networking hardware.  Customers already leveraging vCloud Networking and Security and the Nicira Virtualization Platform (NVP) to virtualize networking will have a simple path to migrate to VMware NSX.

Editor’s Note: To stay up to date with the latest on Network Virtualization follow the VMware Network Virtualization Blog


ClearSlide Acquires SlideRocket

by Chuck Dietrich, Vice President

In 2013, VMware is executing against three growth priorities – Software Defined Data Center, Hybrid Cloud and End-User Computing.  Given these growth priorities, the time has come to part ways with SlideRocket.

Today ClearSlide announced that they have acquired SlideRocket from VMware. As part of the acquisition, ClearSlide is acquiring SlideRocket’s engineering platform, existing customers and the core SlideRocket team.

ClearSlide and SlideRocket have both been leading the reinvention of workplace presentations and now have the opportunity to build an even more robust platform together. Together with SlideRocket, ClearSlide will be able to create one simple and powerful solution for engaging sales prospects.

SlideRocket reached some significant milestones since being acquired by VMware, including 400 percent growth and reinventing the way more than one million companies tell their stories.  By acquiring SlideRocket, VMware gained a stronger understanding of end-user applications and  infused a new way to work into the VMware culture.

It was important to VMware to find a partner to be a good fit for existing SlideRocket customers. ClearSlide is committed to providing continuity for existing SlideRocket users.

The acquisition is final and current SlideRocket customers have been notified. If you’re interested in learning more about ClearSlide and SlideRocket visit the ClearSlide blog: http://www.clearslide.com/public/content/company/blog